Olivia
Online
Michael Chan
@mchancloud
Father of two boys, guitar and uke player. Identity, GenAI, and security architect. My opinions are my own.
Chicago, IL
Joined March 2014
310 Following
1.1K Followers
905 Posts
Pinned Tweet
🔐If you ever need to call the AWS IAM or STS APIs, or want a snapshot of your IAM resources (users, roles, and policies), or just want to learn more on IAM's behavior, check out my two-part blog on this topic! https://t.co/O52YOszmbO
It's these types of exploits that make me extra careful when reviewing the security apps that use LLMs.
Hey @canva, you told us that you wouldn't answer security questions "without purchase of the Enterprise version". Is this reflective of your attitude towards customers who care about security, privacy, and compliance especially with the concerns everyone has around AI? Do better!
Who to follow
Ian Mckay
@iann0036
Sydney, Australia 🇦🇺 | #AWS Community Hero | IaC & security enthusiast | Breaks basically everything | he/him
Aidan W Steele
@__steele
I try to tweet novel things about AWS.“Shit-poster extraordinaire” according to @LastWeekInAWS. He/him. AWS Serverless Hero
David Yanacek 
@dyanacek
Sr. Principal Engineer at #AWS on #AgenticAI and on AWS DevOps Agent, formerly #CloudWatch #Lambda #APIGateway #IoT and #DynamoDB
I'd recommend this anyone needed to skill up on AWS IAM!
While not working on ☁️IAM security🔒, I've had to dive in Microsoft Copilot & Copilot Studio security. Copilot Studio is a no/low-code agent and chatbot platform with many integrations to your MS tenant, SNOW, Facebook, etc. Make sure your developers configure this securely!
a short summary of all new attack vectors, lol techniques and tools we published at bh/dc (400 words)
https://t.co/Odln7W5A9u
A 🪲 bug with Google Search's AI Overview feature? Either way its completely incoherent.... in repudiateas in scowlas in spurnas in turn downas..!
ICYMI!
Happy holidays everyone! Wishing you all a happy and secure Christmas season. Gingerbread house kit courtesy of @wiz_io and @SolvangBakery.
Awesome to see this in the docs now! Also check out this great session from @colmmacc where he covers FAS: https://t.co/J64HuGhQFK
👉For those who want more on AWS security internals, we finally have a great page describing Forward Access Sessions, the vehicle by which many AWS services does things on behalf of you. https://t.co/A7jiasxqhN @AWSIdentity
As of next year, #google will require premium subscriptions for things like IAM Recommender, Role Insights, etc.
This is the OPPOSITE of their mantra calling for shared fate instead of the shared responsibility model.
A massive loss in credibility.
Big pricing change to a valuable GCP security feature for least-privilege IAM. Requiring the org-level SCC Premium bundle instead of a pay-as-you-go per-service price will be prohibitively expensive and detrimental to security for many customers in the long run. @philvenables
Shame on you @googlecloud. Your competitor's AWS IAM Access Analyzer is free, and will likely remain so. If you cared about customer security, you're certainly not showing it.
😠Wondering today why @googlecloud charges for security features that @awscloud gives away for free. Shouldn't customer security be paramount?
"What will require Security Command Center Premium:
IAM Recommender, including lateral movement insights, role recommendations ..."
"What will require SCC Premium:
IAM Recommender, including lateral movement insights, role recommendations for non-basic roles, recommendations for custom roles, and recommendation for Google Cloud Storage buckets.
Policy Analyzer at scale (above 20 queries per day)."
@benbridts What direction is that?
Coming from someone reviewing the security controls that can be enabled in Azure, this isn't too comforting. AWS I know has a strong security culture, but much less sure about Microsoft.
🔒 What happened?
While releasing open-source training datasets, Microsoft's AI research team accidentally left the vault door open 👀
Over 38TB of data (!), including personal backups of employee workstations, private keys, and internal Microsoft Teams messages, were exposed.
Google's use of the vuln list https://t.co/5rXuASm2yy to claim better security than other CSP's is a classic example of misusing statistics by not understanding how the data has been curated and represented. @0xdabbad00
@alexadevs I was owed a May 13th payment, but its after 90 days, and according to your policy my money is now forfeit! I really hope this is not the case. I have upcoming payments as well :| Talking with Alexa support has not helped either.
Hey @alexadevs, my Alexa skill has earned $$ the past few months, but it's never been credited to my bank account even though I've provided the info as asked in the developer console. Can you assist? I hope no other devs have this issue!
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers